Link Windows Agents During Installation
Required User Role: User with administrator privileges
Usage
Nessus Agents can be deployed and linked on Windows through the msiexec command. See example below:
# msiexec /i NessusAgent-versionnumber.msi NESSUS_GROUPS="Remote Agent Group 1"NESSUS_SERVER="192.0.2..34:8834" NESSUS_KEY=00a0927cb3df64d466ccd7ccbcc2d63fea1ea91f5ea5ebe22390a4d69caa6c6acf /qn
The following are available linking parameters:
| Parameter | Description |
|---|---|
| NESSUS_OFFLINE_INSTALL | You can install the Tenable Nessus Agent on a system even if it is offline. Add the command line option NESSUS_OFFLINE_INSTALL="yes" to the command line input. The Tenable Nessus Agent will periodically attempt to link itself to either Tenable Vulnerability Management or Tenable Nessus Manager. If the agent cannot connect to the controller then it retries every hour, and if the agent can connect to the controller but the link fails then it retries every 24 hours. |
| ADDLOCAL=ALL | Install the Tenable Nessus Agent system tray application, as described in step 8 of Install a Tenable Nessus Agent on Windows in the Tenable Nessus Agent User Guide. |
| ADDLOCAL=ALL | Install the Tenable Nessus Agent system tray application, as described in step 8 of Install a Tenable Nessus Agent on Windows in the Tenable Nessus Agent User Guide. |
| NESSUS_PLUGINS_FILEPATH="C:\path\to\plugins_set.tgz" | Install a full plugins set before linking to reduce the bandwidth impact during a mass installation. Add the command line option NESSUS_PLUGINS_FILEPATH="C:\path\to\plugins_set.tgz" where plugins_set.tgz is a recent plugins set tarball less than five days old. A stale plugins set older than five days will force a full plugins download to occur. You can download a recent plugins set from the Tenable downloads page. |
| NESSUS_GROUPS |
Specify existing agent group or groups where you want to add the agent. If you do not specify an agent group during the install process, you can add your linked agent to an agent group later in Tenable Nessus Manager or Tenable Vulnerability Management. Note: The agent group name is case-sensitive and must match exactly. You must encase the agent group name in quotation marks (for example, --groups="My Group"). Note: Quotation marks (") are necessary when listing multiple groups, or one group with spaces in its name. For example:
|
|
NESSUS_PROCESS_PRIORITY |
Determine the priority of the agent relative to the priority of other tasks running on the system. For valid values and more information on how the setting works, see Agent CPU Resource Control Tenable Nessus Agent Deployment and User Guide. |
NESSUS_NAME
|
Specify the name for your agent. If you do not specify a name for your agent, the name defaults to the name of the computer where you are installing the agent. |
NESSUS_CA_PATH
|
Specify a custom CA certificate to use to validate the manager's server certificate. |
NESSUS_PROXY_SERVER
|
Specify the hostname or IP address of your proxy server. |
NESSUS_PROXY_USERNAME
|
Specify the name of a user account that has permissions to access and use the proxy server. |
NESSUS_PROXY_PASSWORD
|
Specify the password of the user account that you specified as the username. |
NESSUS_PROXY_AGENT
|
Specify the user agent name, if your proxy requires a preset user agent. |
For more information on installing Tenable Nessus Agents on Windows, see Install a Nessus Agent on Windows in the Nessus user guide.